pop-ups in spite of running adaware, spybot, cwsshredder
Respected Sir/Ma'am
thank you for volunteering to take time to read my mail. i am not an expert at using the computer. and once before too this forum has come to my rescue in taking out smitfraud trojan. i am ever grateful.
this computer i am using has multiple log-in (actually has commercial oracle programs). it seems to have contracted pop up programs and spyware during surfing. it comes up with casino ads and dating services. i have tried adaware s&e, spybot, cwsshredder, etc. spyware doctor, etc. but doesn't seem to take the root problem out. when i run adaware it mentions registry keys more than 0. and when i fix it, it still shows up and starts pop ups again. also there is no problem with the home page and it still opens up normally. only that the pop ups come up. also sometimes the pop ups are blank and look like some program does try to stop them but they nonetheless show up.
i ran hijack this and am including the logfile below: please help me out sir/ma'am.
also i am not sure which operating system this is because when i tried doing the show hidden file method, it didn't work. maybe i am mistaken about the windows edition. please guide me.
Logfile of HijackThis v1.98.2
Scan saved at 4:01:30 AM, on 7/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINNT\system32\mstsc.exe
C:\WINNT\system32\javaw.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\InterMute\AdSubtract\AdSub.exe
C:\Documents and Settings\302\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1035
O1 - Hosts: 192.1.1.27 hotel_1
O1 - Hosts: 192.1.1.22 hotel_2
O1 - Hosts: 192.1.1.71 training
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINNT\system32\adsubtb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitehkc32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
O4 - Global Startup: PMS Interfaces 3.1.lnk = C:\Vagabond\VFSInterfaces3.1\VFSInterfaces.bat
O4 - Global Startup: VAGABOND PMS.lnk = C:\WINNT\system32\mstsc.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
thanks a million.
Comments
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
The steps for showing the hidden files should be the same for 2000 as they are for XP.
Download ewido security suite and save the setup file to your desktop. Run the setup file for ewido s.s. Once the setup is complete open ewido. You will be prompted to update ewido at this time. Please do this now. Run a full scan with ewido s.s. and save the scan results from ewido.
Post a new Hijack This log with the results from ewido.
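
An added example, not part of the original thread: a HijackThis log pasted through mail gets hard-wrapped, so one entry can span several lines. This Python code rejoins the entries and lists the ones worth a second look when comparing the old log with a new one; the sample is constructed from entries in the log above, and the three heuristics are assumptions of this example, not verdicts.

```python
import re

# Constructed sample: entries copied in the wrapped form the log above has.
SAMPLE = r"""R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=localhost:1035
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
"""

# A new entry starts with a HijackThis section code such as R1, O2 or O16.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ?(.*)$")

def parse(text):
    """Rejoin wrapped lines and return a list of (section, body) tuples."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:  # continuation of the previous entry
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [tuple(e) for e in entries]

def review_hints(entries):
    """Heuristics assumed for this example: items to look at, not verdicts."""
    hints = []
    for section, body in entries:
        if section in ("O2", "O3") and body.endswith("(no file)"):
            hints.append((section, "registered component has no file on disk"))
        elif section[0] == "R" and re.search(
                r"ProxyServer = .*(localhost|127\.0\.0\.1)", body):
            hints.append((section, "IE proxy points at a local listener"))
        elif section == "O4" and "Run:" in body and "\\" not in body.split("] ", 1)[-1]:
            hints.append((section, "Run command has no full path: "
                          + body.split("] ", 1)[-1]))
    return hints

if __name__ == "__main__":
    for section, hint in review_hints(parse(SAMPLE)):
        print(section, "-", hint)
```

Lines before the first section code (header, running processes) are skipped; any text pasted after the last entry should be trimmed before parsing, since it would be read as a continuation.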